Pinokio Registry

Privacy Policy

Effective date: May 20, 2026

This Privacy Policy explains how the operators of the Pinokio Registry collect, use, share, and protect information when you use the Pinokio Registry websites, APIs, and related community features. References to "Pinokio," "we," "us," and "our" mean the operators of the Pinokio Registry. This policy applies to the Registry service, not to third-party repositories, third-party applications, or separate software that you install or run outside the Registry.

Information We Collect

We collect information you provide directly, information generated by your use of the Registry, and limited information from integrations you choose to use.

  • Account information, such as email address, username, password hash, avatar, display name, profile description, email verification status, approval status, notification preferences, and password reset or verification records.
  • Public profile and community content, such as app submissions, repository URLs, posts, comments, media, tags, likes, reposts, follows, saves, reports, moderation status, and timestamps.
  • App and repository data, such as public GitHub or Hugging Face repository URLs, titles, descriptions, versions, branches, commits, icons, repo references, indexed metadata, and import errors.
  • Check-in and desktop bridge data, such as one-time check-in tokens, checkpoint hashes and definitions, visibility settings, platform, architecture, GPU, RAM, VRAM, system fingerprint, draft import tokens, and imported draft metadata or media.
  • Optional GitHub connection data, if you link GitHub, such as your GitHub user ID, login, profile URL, avatar URL, and connection timestamp. The current Registry code requests the GitHub read:user scope and stores profile identifiers, not your GitHub password.
  • Operational information, such as IP address, user agent, request path, query parameter keys, request timing, session status, error logs, storage usage logs, and other diagnostics used to operate, secure, and debug the service.
  • Uploaded files, such as avatars and post, comment, draft, or imported media. Images and videos may be optimized, converted, or transcoded before storage and display.

How We Use Information

  • Provide, maintain, secure, and improve the Registry.
  • Create and manage accounts, sessions, email verification, password resets, and optional invitations.
  • Index public app repositories and display searchable app pages, feeds, leaderboards, and app metadata.
  • Publish and moderate community content, reports, comments, likes, reposts, follows, saves, tags, and check-ins.
  • Send account, verification, password reset, invite, and notification emails based on your settings.
  • Detect abuse, rate-limit risky actions, verify security checks, prevent spam, and enforce our terms.
  • Analyze service health, performance, errors, storage usage, and reliability.

Public Content

The Registry is built around public discovery and community activity. Your username, avatar, display name, profile description, public posts, public comments, public check-ins, visible saves, follows, likes, reposts, app submissions, and related timestamps may be visible to other users and search engines. Deleted or moderated content may remain in backups or internal records for a limited period when needed for safety, legal, or operational reasons.

Cookies and Browser Storage

We use cookies and browser storage to keep the service working.

  • An HTTP-only session cookie keeps you signed in.
  • Temporary GitHub OAuth cookies store OAuth state and return path during account linking.
  • Local storage and session storage remember theme and embedded-view preferences.
  • Cloudflare Turnstile may use browser signals, cookies, or local storage to run security checks.

Blocking cookies or storage may prevent login, GitHub linking, embedded views, or security checks from working.

How We Share Information

We do not sell personal information. We share information in these limited ways:

  • With the public, when you submit public profile information, app data, posts, comments, media, check-ins, or other public activity.
  • With service providers that help us host, secure, store, deliver, and email the service.
  • With GitHub when you use GitHub OAuth or when the service fetches public repository metadata.
  • With Hugging Face, X/Twitter, or other external services when the Registry fetches public content or metadata from URLs you submit.
  • When required by law, legal process, safety needs, security investigations, or to protect rights, users, and the service.
  • In connection with a merger, acquisition, financing, reorganization, or transfer of the service.

Retention

We keep information as long as needed to provide the Registry, maintain security, comply with legal obligations, resolve disputes, and enforce agreements. Verification, reset, check-in, and bridge tokens are designed to be temporary. Public content and app metadata may remain available until removed, hidden, or no longer needed. Backups, logs, and cached files may persist for a limited time after deletion.

Your Choices

  • You can update your profile information and email notification settings in account settings.
  • You can unlink your GitHub account from settings.
  • You can choose available visibility settings for saves and check-ins where the interface provides them.
  • You can delete or edit your own posts and comments where the service allows it.
  • You can opt out of non-essential email notifications in settings or by using email controls where provided.
  • You can request access, correction, or deletion by contacting us.

Security

We use reasonable technical and organizational safeguards, including password hashing, HTTP-only session cookies, scoped one-time tokens, anti-abuse checks, and access controls for admin features. No internet service can be guaranteed to be completely secure.

Children

The Registry is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact us so we can take appropriate action.

International Use

The Registry may be operated from, and information may be processed in, the United States and other countries where we or our service providers operate. These countries may have different data protection laws than your location.

Changes

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new effective date. Your continued use of the Registry after an update means the updated policy applies.

Contact

For privacy questions or requests, contact privacy@pinokio.co.
